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Overview 


•  Perspective 

•  The  Problem  Space 

•  The  Solution  Space  (Pre-Decisional) 

•  What  Success  Looks  Like 


Source:  SEI  DoD  IT  Systems 


— Technological/ Acquisition  Advances  Enabling  a  More  Responsive 

Software  Engineering  Institute  CamegieMellon  IT/Cyber  Acquisition  Environment  ^ 

©  2012  Carnegie  Mellon  University 


Perspective:  Cyber  Landscape 


Includes  all: 

•  System  of  Systems 

•  Architecture 

•  Services 

•  Networked  Hardware/  Platforms 

•  People  who  digitally  connect  to 
cyberspace 

What  are  the  opportunities? 


Transportation 

Infrastructure 
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Infrastructure 
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Infrastructure 
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Problem  Space:  Improving  Efficiency  and 
Effectiveness  in  IT/Cyber  Acquisitions  in  DoD 


Source:  Director,  Command  and  Control,  Programs  &  Policy  (OSD)  -  Pre-Decisional 
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Problem  Space:  Current  DoD  IT  Environment 


Current  DoD  IT  Environment 


w 


Hundreds  of  sub-optinial  data  centers 
and  networks  incur  unnecessary  costs 


Limited  interoperability  reduces 
information  sharing  and  collaboration 
on  mission  threats 


Increasing  demand  for  new  technology 
on  rapidly  evolving  devices 


IT  Programs  average  81  Months* 
Cannot  rapidly  and  efficiently  field 
new  technology  to  meet 
warfighter  needs 


Cybersecurity  vulnerabilities  threaten 
to  exploit  classified  information  and 
endanger  our  national  security 


Current  IT  delivery  process  hinders  our 
ability  to  take  advantage  of  new 
commercial  technology 


Source:  Director,  Command  and  Control,  Programs  &  Policy  (OSD)  -  Pre-Decisional 
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Problem  Space:  DoD  IT  Acquisition  Cycle-Time  -  32  MAIS* 


Milestone  B 
Planning  Phase 


Build  Phase 


Initial 

Operational 

Capability 


43 


48 


Analysis  of 
Alternatives 


-* 


Economic 

Analysis 


k 


Development 


MS  C 

Test 


Cycle-Time  Driven  by  Processes  Developed  to  Counter 
a  Cold  War  Adversary  In  Industrial  Age  Society 

‘Source:  Defense  Science  Board  Report,  March  2009 
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Problem  Space:  Generic  Acquisition  Process 


o  mo  24  mo  48  mo  72  mo  96  mo  120  mo  144  mo 


Source:  Defense  Science  Board  Report,  March  2009 
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Problem  Space:  No  Milestone  “D”  -  No  Way  to  Re-  Invest 
Replacement  Savings  Upfront 


Year 

Proportion  of 
software 

maintenance  costs 

Definition 

Reference 

2000 

>90% 

Software  cost  devoted  to  system  maintenance  & 
evolution  /  total  software  costs 

Erlikh  (2000) 

1993 

75% 

Software  maintenance  /  information  system  budget 
(in  Fortune  1000  companies) 

Eastwood  (1993) 

1990 

>90% 

Software  cost  devoted  to  system  maintenance  & 
evolution  /  total  software  costs 

Moad  (1990) 

1990 

60-70% 

Software  maintenance  /  total  management  information 
systems  (MIS)  operating  budgets 

Huff  (1990) 

1988 

60-70% 

Software  maintenance  /  total  management  information 
systems  (MIS)  operating  budgets 

Port  (1988) 

1984 

65-75% 

Effort  spent  on  software  maintenance  /  total  available 
software  engineering  effort. 

McKee (1984) 

1981 

>50% 

Staff  time  spent  on  maintenance  /  total  time  (in  487 
organizations) 

Lientz  &  Swanson  (1981) 

1979 

67% 

Maintenance  costs  /  total  software  costs 

Zelkowitz  etal.  (1979) 
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Technical  Talent 


Problem  Space:  Four  Key  Challenges  to  our  Technical  Base 


▲ 


Technology 

- ► 


Tech  Areas 
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Problem  Space:  Technological  Rate  of  Adoption 
-  the  Cyber  Domain  is  Hotly  Contested 


High 


C 

O 

(0 

o 

</) 

Q. 

O 

if) 


Low 


Sophistication 
Required  of  Actors 
Declining 


Sophistication 
Of  Available  Tools 
Growi 


sophisticated  C2 
cross  site  scripting 


^  packet  spoofing 

^  sniffers 
\sweepers 

\ 

\ 

back  doors 
disabling  audits 


“stealth”  /  advanced 
scanning 
techniques 

denial  of; 


...next? 


Staging 
distributed 
attacjk  tools 


www  attacks 
automated  probes/scans 
GUI 


burglaries 


network  mgmt.  diagnostics 
hijacki^ 
sessions4 


exploiting  known  vulnerabilities 
password  cracking 


self-replicating  code 
password  guessing 


Increased  GIG  Complexity 
&  Dependence  equates  to 
lower  entry  barriers  and 
potential  for  increased 
number  of  malicious  actors 


Source:  DoD 


Defensive  pleasures  are  outpaced  bv  the  well  resourced  sophisticated  threat .  . . 
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Problem  Space:  An  Effective  Process  for  Major  Defense 
Systems  -  But  Not  Very  Agile  for  IT  Systems 


Integrated  Defense  Acquisition,  Technology,  and  Logistics  Life  Cycle  Management  System 
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Problem  Space:  Alignment  of  Three  Major  DoD 
Decision  Support  Systems 


Effective  Interaction 
EssentiaUor  Success 


Big  A 


Source:  Defense  Acquisition  University 
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Problem  Space:  Software-Reliant  Acquisitions 
Can  Be  Difficult  to  Manage 


According  to  Fred  Brooks*  software  projects  are  difficult  because  of 
accidental  and  essential  difficulties 

•  Accidental  difficulties  are  caused  by  the  current  state  of  our 
understanding 

—  of  methods,  tools,  and  techniques 

—  of  the  underlying  technology  base 

•  Essential  difficulties  are  caused  by  the  inherent  nature  of  software 

—  invisibility  -  lack  of  physical  properties 

—  conformity 

—  changeability 

—  complexity 

*  Source:  The  Mythical  Man-Month  by  Fred  Brooks,  Addison  Wesley,  1 995  Qf  pfgcl  BfOOkS 
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Solution  Space:  Issues  Are  Well  Known  and  Are 
Being  Addressed 


House  Armed 
Services 
Committee 

National 

Research 

Council 

Defense 
Science  Board 

Business 
Executives  for 
National 
Security 

Defense  acquisition  process  structured  for  weapon  systems;  ill-suited 
for  information  technology 

✓ 

✓ 

✓ 

✓ 

Systems  take  too  long  to  deliver;  inconsistent  with  technology  cycle 

✓ 

✓ 

✓ 

Too  document  intensive,  time  consuming,  and  process  bound  to 
respond  effectively  to  end-user  needs 

✓ 

✓ 

✓ 

✓ 

Oversight  process  not  aligned  with  rapid  acquisitions  (favors  large 
programs,  high-level  oversight) 

✓ 

✓ 

Lack  of  accountability  by  personnel  in  the  oversight  process 

✓ 

✓ 

Complexity  inherent  in  aligning  three  major  Departmental  processes  - 
Requirements,  Resourcing  and  Acquisition 

✓ 

✓ 

Funding  process  inconsistent  with  pace  of  evolving  mission 
requirements 

✓ 

✓ 

Current  metrics  (financial,  acquisition  process)  don't  work  well  in 
measuring  IT  success 

✓ 

✓ 

Lack  of  meaningful  trades  between  performance,  cost,  and  date-to-field 

✓ 

✓ 

✓ 

✓ 

Overly  detailed  requirements  that  are  inconsistent  with  pace  of 
technology  change  and  need  for  rapid  delivery 

✓ 

✓ 

✓ 

Inability  to  prioritize  requirements  effectively 

✓ 

✓ 

✓ 

Testing  is  integrated  too  late  and  serially 

✓ 

✓ 

Cyber-security  is  inadequately  managed  during  the  acquisition  process 

✓ 

Lack  sufficient  numbers  of  individuals  with  proven  records  of 
acquisition  success 

✓ 

✓ 

✓ 

✓ 

Significant  cultural  impediments  to  change 

✓ 

✓ 

Source:  Director,  Command  and  Control,  Programs  &  Policy  (OSD)  -  Pre-Decisional 
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Solution  Space:  Legislative  Landscape  -  2009 
and  201 1  National  Authorization  Acts 


Sec  804:  NEW  IT  ACQUISITION 
PROC  ESS  REQUIRED 


Sec  933:  STRATEGY  FOR 
ACQUISITION  OVERSIGHT 
OF  DoD  CYBER  WARFARE  CAPABILITIES 


"The  Secretary  of  Defense  shall  develop  and 
implement  a  new  acquisition  process  for  information 
technology  systems 

•  Be  based  on  the  recommendations  in  Chapter  6 
of  the  March  2009  report  of  the  DSB  Task  Force 
on  DoD  and  Procedures  for  the  Acquisition  of 
Information  Technology 

•  Be  designed  to  include — 

(A)  early  and  continual  involvement 
of  the  user: 

(B)  multiple,  rapidly  executed 
increments  or  releases  of  capability: 

(C)  early,  successive  prototyping  to 
support  an  evolutionary  approach: 

(D)  a  modular,  open-systems  approach 


"The  Secretary  of  Defense,  in  consultation  with  the 
Secretaries  of  the  military  departments,  shall  develop 
a  strategy  to  provide  for  the  rapid  acquisition  of 
tools,  applications,  and  other  capabilities  for  cyber 
warfare  for  the  United  States  Cyber  Command  and 
the  cyber  operations  components  of  the  military 
departments” 

(1)  An  orderly  process  for  determining  and 
approving  operational  requirements 

(2)  A  well-defined,  repeatable,  transparent,  and 
disciplined  process  for  developing  capabilities  to 
meet  such  requirements,  in  accordance  with  the 
information  technolog}'  acquisition  process 
developed  pursuant  to  section  804  of  the  2010 
NDAA” 


Source:  Director,  Command  and  Control,  Programs  &  Policy  (OSD)  -  Pre-Decisional 
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Solution  Space:  Section  804  -  IT  Acquisition 
Reform  Goals 


Objectives 

Guiding  Principles  in  Report  to  Congress 

-  Deliver  Earty  and  Often  -  Be  responsive  to 
the  users  needs 

-  Incremental  and  Iterative  Development  and 
Testing 

-  Rationalized  Requirements  -  Balance  user 
needs  with  constraints 

-  Flexible/Tailored  Processes  -  Customize  to  IT 
category 

-  Knowledgeable  and  Experience  IT  Workforce 
-  Understands  IT  uniqueness 

Provide  a  simplified,  tailorable  approach  for 
delivering  IT  capability  that: 

-  Favors  mature  technology  (OTS).  emphasizes 
the  Enterprise  and  eliminates  redundancy 


Reform  Tenets 

An  actively  managed  portfolio-based  construct 
used  to  plan,  resource,  and  manage  capability 
delivery  and  execution 

Tailored  acquisition  process  with  an  emphasis 
on  short  duration  projects  that  deliver 
incremental  capability 

Capability-based  requirements  process  that 
reflect  user  needs  with  “rationalized" 
constraints 

Greater  funding  flexibility  for  portfolio-aligned 
information  capabilities 
Portfolio-based  oversight  and  management  of 
the  IT  Enterprise  using  well-defined  Enterprise 
Architectures 


Source:  Director,  Command  and  Control,  Programs  &  Policy  (OSD)  -  Pre-Decisional 


— Technological/ Acquisition  Advances  Enabling  a  More  Responsive 

Software  Engineering  Institute  CamegieMellon  IT/Cyber  Acquisition  Environment 

©  2012  Carnegie  Mellon  University 


Solution  Space:  IT  Reforms  in  Progress 


X 


Section  804 


OSD/AT&L 

New  IT  Acquisitiou  Framework  for  * 
DODI  5C00.B2  Update 

Joint  Staff 

New  JC3DS  [Manual  Streamlining 
MAIS/IT  Requirements 

DOT&E/DDT&E 

Streamlining  and  iutegrntiug 
TAT  for  IT  development 


DoD  CIO 

IT  Reform  for  Agile,  Secure, 
Efficient,,  and  Effective  DoH  IT 


DCMO 

Business  Capability  Lifecycle  (BCL) 


rs  k  mmm ; 
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“5  f  m  r!  \~Z~i  ^ 


Each  Functional  Area  Moving  Out  on  Reforms  vice  Single  Section 

804  Effort 


Source:  Director,  Command  and  Control,  Programs  &  Policy  (OSD)  -  Pre-Decisional 
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Solution  Space:  Section  804  Improvement 
Acquisition  Concepts 


\ 

f - 

\ 

Funding  &  Resourcing 

Portfolio  Si  Governance 

\ _ 

_ J 

k _ 

_ J 
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Architecture 


Requirements 


V 


Key  interfaces: 

*  User  to  Portfolio 

*  User  to  Acquisition 

*  Portfolio  to  Acquisition 

*  Portfolio  to  Requi  rements 


Contracting 

V 

J 

Test,  Evaluation,  and 
Certification 


■'N 


A 


•  Incremental  and  Iterative  Development  and  Testing 

*  Kuoivledgeable  /  Experienced  IT  Workforce 


Overarching  Principles 

*  Deliver  Early  and  Ofteu 
Rationalized  Requirements 
Flexible  and  Tailored  Processes 

Provide  a  simplified.  taito  table  approach  for  delivering  IT  capability  that  favors  mature 
technology,  emphasizes  the  Enterprise,  and  eliminates  redundancy 

Source:  Director,  Command  and  Control,  Programs  &  Policy  (OSD)  -  Pre-Decisional 
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Solution  Space:  Systems  Engineering  -  Key 
Upfront  Discipline 


h* 


5  to  15  Years 


H 


I 


I 


I 


Concept 

Material 

Technology 

Engineering  & 

Production 

Enqineerinq 

Solution 

Development 

Manufacturing 

&  Deployment 

Operations 

MDD 

Analvsis 

MS 

MS 

Development 

MS 

i 

♦  Intel  review 

♦  DP/Early  SE 

A 

•Threat  assess 

B 

♦CDR 

C 

LRIP  !  FRP 

i 

• 

♦  Sustainment 

♦  Op  needs 

♦  AoA 

♦  System  Spec 

♦TRR 

1 

i 

♦  Disposal 

•Tech 

♦  Red  Taming 

•SEP 

•  Dev  test  &  eval 

♦Transition 

objectives 

♦SEP 

♦T&E  plan 

•Initial  Ops  Test 

*  Ops  Test&  Eval 

•SCR 

♦T&E  Strategy 

♦  SRR  &  PDR 

&  Eval 

♦Training 

♦  Prototype  dev 

♦PRR 

♦TRA 

•TRA  Update 

Technology  and  Risk  Reduction 

♦Technology  “push”  investment 

♦  Technology  maturation 

•  Phenomenology  measurements 


70-75%  of  Cost  Decisions  Made  Prior 
to  Milestone  A 

Impact  72%  of  Total  Life  Cycle  Costs 


AoA  -  Assessment  of  Alternatives 
DP  -  Developmental  Planning 
MDD  -  Material  Development  Decision 
SCR -System  Concept  Review 
SRR- System  Requirements  Review 
SEP -System  Engineering  Plan 
PDR- Preliminary  Design  Review 
CDR- Critical  Design  Review 
TRR  -  T est  Readiness  Review 
PRR  -  Production  Readiness  Review 
LRIP- Low -Rate  Initial  Production 
FRP  -  Full  Rate  Production 

Source:  DDR&E 
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What  Success  Looks  Like:  Enabled  Agile 
Capability  Delivery 


Deliver  usable 
capabilities 

to  users  every  6-12 
months 


Active  user  involvement 

to  prioritize  requirements  and 
provide  responsive  feedback 
during  development 


T 


A  different  approach  to 
project  management  - 
Smaii,  dynamic,  and 
empowered  teams 


Roadmaps  and 
architectures  align 
agile  increments  into 
larger  capabilities 


/  f 


Jl 
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Small  scoped  releases 

responsive  to  changes 

in  ops,  tech,  budget.  . . 


Streamlined  contracting 
processes  leveraging  existing 
contract  vehicles  for  rapid 
Task:  Deli  very  Order  execution 


Leveraging  common 

infrastructure  platforms, 

standards,  and  interfaces 


Integrated  test  &  evaluation, 
certifications  during  development 
leveraging  common  test 
infrastructure,  automated  tools 


Source:  Director,  Command  and  Control,  Programs  &  Policy  (OSD)  -  Pre-Decisional 
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What  Success  Looks  Like:  Alignment  with  DoD’s 
Better  Buying  Power 


Better  Buying  Power  Tenets 

Agile  Capability  Delivery 

Target  Afford  a  bility  and  Control  Cost  Growth 

*  Mandate  affordability  as  requirement 

*  Set  shorter  prog  ram  ti  meli  nes  and  man  age  to  the  m 

*  Agil  e  Capab  i  l  ity  De  1  ive  ry  p  rov  id  es  time  ly  del  ivery  of  effective 
and  efficient  capabilities 

■  Releases  are  cost  and  schedule  constrained 

■  Emp hasis  o n  affordab ility  and  sho rt  program  tim el i nes 

Incentivize  Productivity  and  Innovation  in  Industry 

*  Increase  the  use  of  FPIF  contract  type 

*  Reinvigorate  industry's  independent  research  and 
development  and  protect  the  defense  technology  base 

■  Cost  a  nd  sch  ed  ul  e  constra  i  ned  develop  ment  cycles  pe  rm  it 
the  frequent  use  of  Fixed  Price  type  contracts 

■  Flexi  bl  e  requ  irem  ents  refinementprocessa  Hows  the  f  re  que  nt 
integration  of  current  technologies 

Promote  Real  Competition 

*  Pres  e  nt  a  co  m  petitive  st  rategy  at  e  ach  program  m  i  lesto  ne 

*  Require  open  system  architecture 

*  Increase  dynamic  small  business  role  in  defense  marketplace 
competition 

■  Sm  aller  i  ncre  ments  provides  op  po  rtun  ities  for  f req  uent 
competition  and  greater  small  business  participation 
»  Agi  1  e  Ca  pa  bility  Delivery  e  nco  ura  ges  the  use  of  op  e  n  system  s 
architectures 

Im  prove  Tradecr aft  in  Se  rvic  es  Ac  qu  isitio  n 
•  Address  ca  u  ses  of  poo  r  t  rad  ecraft  i  n  se  rvices  a  cqu  isition 

Reduce  Non-Productive  Processes  and  Bureaucracy 

*  Reduce thenumberof OSD-leve  1  reviews 

*  Elim  i  n  ate  So w-val  ue-a  dded  statute  ry  processes 

■  Reduces  non-productive  processes  and  bureaucracy 

■  Stream  1  ines  test  and certif icatio np recesses  forfiaster 
deliveries 

Source:  Director,  Command  and  Control,  Programs  &  Policy  (OSD)  -  Pre-Decisional 
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What  Success  Looks  Like 


Reduced  costs  for  data  ceuters  and 
applications 


Improved  interoperability'  for  better 
coordination  and  collaboration 


improved  user  satisfaction  aud 

mission  success 


Faster,  more  responsive  capability 
deliveries  to  Warfighters 


Improved  security  to  reduce  cyber 
threats 


Faster  adoption  of  commercial  IF 
breakthroughs 


Source:  Director,  Command  and  Control,  Programs  &  Policy  (OSD)  -  Pre-Decisional 
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Contact  Information 


Dr.  Kenneth  E.  Nidiffer,  Director  of  Strategic  Plans  for  Government 
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